I run a bunch of CentOS 6 physical servers as QEMU virtualization devices. These hosts have two NICs, one for management and one for virtual machine bridges.
When you use Linux for virtualization, it’s important to increase the amount of memory for network transmit and receive buffers. You also need to disable GSO and TSO, . . . → Read More: ifup-local on bridge members on CentOS
So I’m trying to upgrade my Ansible server to the newest OpenBSD snapshot, which involves working at the console. I go to my virtual server control panel, click on the link to the Java applet, and get told that Java won’t run this application.
Turns out that Java has trusted self-signed certificates for applications until . . . → Read More: Jan 2014 Java update broke me
It seems that ntpd has turned into the latest DDOS amplifier. I run a lot of servers, and most of them use the standard ntp client. I need to verify that none of my servers can be used for DDOS amplification. To do this, I need to give all the clients a standard NTP configuration, . . . → Read More: Ansible and PF, plus NTP
After years of only needing central auth for Unix-like systems, I need to integrate Windows clients into my auth mix. Rather than munging my current OpenLDAP directory to contain Windows information, I elected to migrate to Samba 4. Samba 4 can act as a Windows domain controller and also exposes an LDAP interface for Unix . . . → Read More: FreeBSD authentication against Samba 4 LDAP
I’m setting up a new FreeBSD web server. As 10.0 is just around the corner, I installed 10.0-BETA2. BETA4 is out, so it’s time to upgrade.
# freebsd-update -r 10.0-BETA4 upgrade
Looking up update.FreeBSD.org mirrors… 5 mirrors found.
…
That all looks good. Then I installed the update.
# freebsd-update install …
And the install . . . → Read More: FreeBSD-update seems to hang on 10.0-BETA2
I have an old mail server running Postfix and courier-imap. We want to split our customers off onto their old server, preferably something with a pretty pointy-clicky interface so that they can manage their own accounts. (Yes, people do still buy email service these days.)
The old server runs FreeBSD, postfix, and courier-imap. The new . . . → Read More: Moving mailboxes from Courier/Maildir to DirectAdmin/dovecot/Maildir
Last night’s talk on OpenBSD is now live in the mug.org channel.
Part 1 Part 2
UPDATE: All in one.
Among other things, I compare OpenBSD to Richard Stallman and physically assault an audience member. (Brian was a very good sport, and learned an important lesson about volunteering, e.g.: don’t.) We also talk long long . . . → Read More: mug.org OpenBSD talk on-line
I was researching next week’s OpenBSD talk and thought “You know, I ought to tell the story about VRRP, CARP, and Cisco. That’s a good one, and it illustrates how the OpenBSD community works and thinks.” It’s been ten years, so I decided to do some research to make sure I had my facts straight.
. . . → Read More: Cisco supports CARP? Ha ha ha hahaha…
The fine folks at BSDNow.tv have requested my presence this Wednesday for an interview. We’ll talk sudo, FreeBSD, OpenBSD, and whatever else comes to mind.
You can watch it live, this Wednesday at 2PM EST.
PS: Hey, boss, I’ll be out Wednesday afternoon. Personal business.
I use SolusVM as a virtualization solution, mainly because it’s pretty cheap and mostly effective. The new web-managed migration feature requires that the master node have SSH access into the slave nodes. As root. (Insert lots of swearing here.)
This isn’t a problem, except that I centrally manage my OpenSSH configuration with Ansible. I don’t . . . → Read More: checking group membership in Ansible templates